[英]Unable to insert Images record in MySQL Table
I am creating a PHP program which takes Product information and its images as input and store the information in the database. 我正在创建一个PHP程序,将产品信息及其图像作为输入并将信息存储在数据库中。 I have written the following code, its inserting the 'Product Information' records in the database, but not inserting 'Image record' in the database, and also giving me an error message. 我已经编写了以下代码,它在数据库中插入了“产品信息”记录,但没有在数据库中插入“图像记录”,并且还给了我一条错误消息。 Kindly check it and tell me where i am making the mistake. 请检查并告诉我我在哪里出错。 Thanks. 谢谢。
You have an error in your SQL syntax; 您的SQL语法有误; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 检查与您的MySQL服务器版本相对应的手册,以在第1行的''附近使用正确的语法
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
</body>
</html>
<?php
global $current_id;
session_start();
if(isset($_SESSION['username']))
{
include 'connect.php';
$select_query= 'Select * from category';
$select_query_run = mysql_query($select_query);
echo "
<form action='insert_product.php' method='POST' enctype='multipart/form-data' ></br>
Product Name: <input type='text' name='product_name' /></br>
Price : <input type= 'text' name= 'price' /></br>
Description : <input type='text' name='description' />*Seperate by Comma</br>
File : <input type='file' name= 'image' >
";
/*------------------
Drop Down List Start
------------------*/
echo "<select name='category'>";
while ($select_query_array= mysql_fetch_array($select_query_run) )
{
echo "<option value='".$select_query_array['category_id']."' >".
htmlspecialchars($select_query_array["name"])."</option>";
}
$selectTag= "<input type='submit' value='Insert' /></select></form>";
echo $selectTag;
/*-----------------
Drop Down List End
------------------*/
if(isset($_POST['product_name']) && isset($_POST['price']) && isset($_POST['description']) )
{
$product_name = $_POST['product_name'];
$price = $_POST['price'];
$description = $_POST['description'];
$category = $_POST['category'];
$query= "insert into products (name, price, description, category_id )
VALUES( '$product_name', $price, '$description', $category )";
if($query_run= mysql_query($query) )
{
echo 'Data Inserted';
$current_id= mysql_insert_id();
}
else
{
'Error In SQL'.mysql_error();
}
}
else
{
echo 'Plesae fill all the Fields';
}
/*-------------------
IMAGE QUERY
---------------*/
$file =$_FILES['image']['tmp_name'];
if(!isset($file))
{
echo 'Please select an Image';
}
else
{
$image_check= getimagesize($_FILES['image']['tmp_name']);
if($image_check==false)
{
echo 'Not a Valid Image';
}
else
{
$image =file_get_contents ($_FILES['image']['tmp_name'] );
$image_name =$_FILES['image']['name'];
$image_query ="insert into product_images VALUES ($current_id, '$image_name', $image)";
// $image_query= "INSERT INTO `product_images` (`product_id`, `name`, `image`)
//VALUES ('1', '{$image_name}', '{$image}')";
if (mysql_query($image_query))
{
//if ($image_query =mysql_query (insert into product_images values
// ($current_id, $image_name, $image"))
// echo $current_id;
//echo 'Successfull';
}
else
{
echo "<br>". mysql_error();
}
}
}
/*-----------------
IMAGE QUERY END
---------------------*/
}
else
{
echo 'You Must Log in To View this Page!';
}
?>
Two problems. 两个问题。
First, you should escape the values to prevent SQL injection, and also to deal with the fact that $image
contains binary data. 首先,您应该转义这些值以防止SQL注入,并且还应处理$image
包含二进制数据的事实。
Second, you have to quote $image
in the SQL. 其次,您必须在SQL中引用$image
。
Try this: 尝试这个:
$image =mysql_real_escape_string(file_get_contents ($_FILES['image']['tmp_name'] ));
$image_name =mysql_real_escape_string($_FILES['image']['name']);
$image_query ="insert into product_images VALUES ($current_id, '$image_name', '$image')";
try using it this way for insert sql : 尝试使用这种方式插入sql:
$query= "insert into products (name, price, description, category_id )
VALUES( '$product_name', '$price', '$description', $category )";
$price needs to be inside quotes too..... $ price也必须放在引号内.....
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.